The Domain Name System (DNS) is a critical aspect of the internet. As such, it is on the very frontline of the cybersecurity battle against ever more determined hackers. Unfortunately, many businesses do not appreciate the importance of DNS security – and that exacerbates their vulnerability.
This article will briefly explain how the DNS raises cybersecurity issues and what can be done to address those concerns.
Why is DNS Important for Your Business?
The DNS is like the backbone of the internet: it makes the internet accessible to users. Its evolution closely tracks the development of the internet itself during the latter decades of the 20th century.
Sometimes called the phonebook of the internet, the DNS allows websites and applications to be findable by translating a business or organization domain name, which people can remember, into its IP address, a long string of numbers, which most people cannot remember. This vast metaphorical phonebook is dispersed across a network of servers all over the world, assigned the work of mapping domain names to IP addresses. Of course, this phonebook metaphor obscures a great deal of complexity in how the DNS process works. When a user types a domain name into their browser, an entire sequence of steps is triggered. Yet this behind-thescenes complexity is largely invisible to the user.
Thus, when a customer wants to visit a particular website, they may remember the domain name, e.g. ‘nytimes.com’. The DNS then does the rest, identifying the exact IP address required. Without such a system, the customer would need to remember the IP address, e.g. ‘126.96.36.199’.
If a business needs to change its IP address for any reason, the DNS can handle this. For example, if it switched to a different web host, the DNS would ensure that customers find the required applications at its new IP addresses.
Most of us take all this for granted, especially as the experience usually feels seamless and instantaneous. But, quite simply, without the DNS – and the network of servers that support it – the internet, as we experience it, would not be possible.
How Does DNS Raise Security Concerns?
Just as customer service teams draw on data from a customer satisfaction score to safeguard the company’s reputation, cybersecurity teams must implement measures to protect the company from cybersecurity threats that put the company’s operations at risk.
Fortunately, cybersecurity has steadily become a higher priority for most businesses in recent years. Attacks have been surging, as have the costs of falling victim to such attacks. As it plays such a foundational, and perhaps often overlooked, role in the internet, it is unsurprising that the DNS is a significant vector for cyber-attacks.
Many businesses have strong cybersecurity measures to protect other areas of their IT operations. That may include systems that monitor their networks, email, and web traffic. Yet, DNS security often gets neglected with damaging results.
The DNS is so ubiquitous it is almost invisible, so many fail to conceive how it could bring harm. Moreover, cyberattackers are becoming shrewder and finding new ways to attack organizations via the DNS. A few statistics illustrate the size of the challenge. A 2021 IDC survey found that 87% of organizations were subject to a DNS attack that year. In addition, over three-quarters of these resulted in application downtime, which then took an average of five and a half hours to fix. Other attacks resulted in costly and reputation-damaging data breaches.
Suffice to say, businesses cannot afford to ignore this danger any longer.
What are the main threats?
Here are a few prominent examples of how the DNS can be targeted in attacks:
- Denial of Service (DoS) – These types of attacks use bots to flood the DNS servers with excessive requests, thus, causing them to crash. As a result, internet users cannot access the applications and servers that rely on those particular DNS servers.
- Distributed Denial of Service (DDoS) – While similar to DoS, in this scenario, the attacker enlists additional support, either from willing accomplices, e.g. hacktivists, or from computers infected with malware. The target is ambushed from multiple directions, meaning DDoS attacks can be very severe.
- DNS Hijacking – Attackers take control of a DNS server and are then able to misdirect users to fake and malicious sites.
There are other threats, such as DNS tunneling, amplification, and spoofing attacks. Attackers can use a range of techniques to take advantage of weaknesses in the DNS. Like other areas of cybersecurity, it is an endless cycle of cat and mouse.
True, the defenses to prevent such attacks are evolving, but attackers are also growing in inventiveness and sophistication in their attempts to bypass those defenses.
The DNS is decades old, taking shape in a much smaller, simpler, and safer digital world. It has no way of knowing when it is being tricked. It operates blindly, with no inherent authentication, thus, it is a fertile target for cybercriminals.
New Threats to DNS
The constant evolution of technology and its place in society raise additional challenges. Take, for example, the following:
- The increase of Bring Your Own Device (BYOD) policies in some workplaces blur the perimeter of an IT infrastructure and present new opportunities for would-be attackers.
- The growth of remote working in recent years, and the remote access requirements this entails, has had a similar impact.
- The rise of the Internet of Things (IoT) has massively increased the range and scope of the internet. That substantially increases the attack surface available to hackers.
“Cybersecurity is a constantly evolving field. As attackers develop new techniques, businesses need to be ready to respond. And that will prompt attackers to look for additional weaknesses to exploit and new modes of attack.” says Isaac Madan, CEO of Nightfall.
What Constitutes Good DNS Security?
Given the risks outlined above, DNS security should be a priority for all businesses with an internet presence. So, what can be done to protect businesses from these dangers? DNS security must be a central pillar of every cybersecurity strategy. Here are a few features that constitute a robust DNS security stance.
1. A pre-emptive approach
The best DNS security is pre-emptive, blocking threats before they reach the business’s infrastructure. A robust defense requires constant vigilance against emerging dangers. Similarly, threat modeling should be embedded across all the business’s IT projects, identifying risks and mitigations. Another way to preempt DNS attacks being sent from your accounts is to use an SPF record checker. This updates your DNS with all of the legitimate email servers that are authorized to send emails to your account and blocks phishing or spoofing emails from using your domain.
2. Robust and secure DNS infrastructure
A robust and secure DNS infrastructure has various aspects. For example:
- A business’s DNS infrastructure should have excess capacity (‘redundancy’) to insure against problems. That might be investing in a secondary, backup DNS server.
- Users should only have the access level they need for their role.
3. Leverage AI and ML
Automation, Artificial Intelligence (AI), and Machine Learning (ML) are revolutionizing the whole spectrum of business operations – from stock management to automatic distributor systems. Cybersecurity is no exception. AI now plays a crucial role in ensuring constant vigilance, monitoring internet activity in real-time, both within and beyond the business, and identifying atypical, potentially threatening behavior.
4. Effective response and investigation
The best approaches feature business contingency plans with effective response and investigation protocols. With these in place, potential threats and actual intrusions can be promptly handled, minimizing disruption and harm to the business. Once again, automation and AI play an important part here.
Get the Support Your Business Needs
While this guide sums up the most significant facets, there are many more elements of a robust DNS security stance.
But as mentioned, the requirements here are far from static. As the dangers evolve, so does best practice around DNS security. As well as implementing the above security measures, keep in mind that it may be worth partnering with a DNS security specialist to review your situation. Do not underestimate the importance of DNS security, and take the necessary steps to protect your business today.